Loading ...
Sorry, an error occurred while loading the content.

Re: Verifying relay recipients for upstream Exchange backend

Expand Messages
  • lst_hoe02@kwsoft.de
    ... As always the really fine documentation is of help: http://www.postfix.org/postconf.5.html#reject_unverified_recipient Regards Andreas
    Message 1 of 8 , Jun 1, 2011
    • 0 Attachment
      Zitat von Ansgar Wiechers <lists@...>:

      > Hello list
      >
      > I'm aware of two ways to verify recipients when relaying mail to
      > upstream Exchange servers:
      >
      > - Export recipient addresses from AD and use that list as
      > $relay_recipient_maps.
      > - Use an LDAP query in $relay_recipient_maps.
      >
      > I seem to recall that there was a third option where Postfix would probe
      > the nexthop before accepting the mail, but was unable to find it in the
      > list archive. Can someone refresh my memory? Or did I mis-remember that?

      As always the really fine documentation is of help:

      http://www.postfix.org/postconf.5.html#reject_unverified_recipient

      Regards

      Andreas
    • Ansgar Wiechers
      ... Ah, yes, that seems to be it. Thank you. Regards Ansgar Wiechers -- Abstractions save us time working, but they don t save us time learning. --Joel
      Message 2 of 8 , Jun 1, 2011
      • 0 Attachment
        On 2011-06-01 lst_hoe02@... wrote:
        > Zitat von Ansgar Wiechers <lists@...>:
        >> I'm aware of two ways to verify recipients when relaying mail to
        >> upstream Exchange servers:
        >>
        >> - Export recipient addresses from AD and use that list as
        >> $relay_recipient_maps.
        >> - Use an LDAP query in $relay_recipient_maps.
        >>
        >> I seem to recall that there was a third option where Postfix would probe
        >> the nexthop before accepting the mail, but was unable to find it in the
        >> list archive. Can someone refresh my memory? Or did I mis-remember that?
        >
        > As always the really fine documentation is of help:
        >
        > http://www.postfix.org/postconf.5.html#reject_unverified_recipient

        Ah, yes, that seems to be it. Thank you.

        Regards
        Ansgar Wiechers
        --
        "Abstractions save us time working, but they don't save us time learning."
        --Joel Spolsky
      • Shawn Heisey
        ... I do the first option by running a script on the exchange server every 15 minutes, then grabbing the result five minutes later from the mail relays. It
        Message 3 of 8 , Jun 1, 2011
        • 0 Attachment
          On 6/1/2011 12:57 PM, Ansgar Wiechers wrote:
          > I'm aware of two ways to verify recipients when relaying mail to
          > upstream Exchange servers:
          >
          > - Export recipient addresses from AD and use that list as
          > $relay_recipient_maps.
          > - Use an LDAP query in $relay_recipient_maps.
          >
          > I seem to recall that there was a third option where Postfix would probe
          > the nexthop before accepting the mail, but was unable to find it in the
          > list archive. Can someone refresh my memory? Or did I mis-remember that?

          I do the first option by running a script on the exchange server every
          15 minutes, then grabbing the result five minutes later from the mail
          relays. It does some sanity checks before replacing relay_recipients
          and postmapping it.

          The Windows side (Exchange 2010 on 2008R2) of the process consists of
          VBScript to grab the info from AD, which then runs a perl script to
          clean up the file. The Linux server has a shell script that uses
          smbclient to retrieve the data. The perl part could be run on Linux if
          you don't want to install Perl on your Windows machine.

          If anyone is interested, I can sanitize the scripts and make them available.
        • Ansgar Wiechers
          ... What for? You can easily do all the cleaning with VBScript. Regards Ansgar Wiechers -- Abstractions save us time working, but they don t save us time
          Message 4 of 8 , Jun 1, 2011
          • 0 Attachment
            On 2011-06-01 Shawn Heisey wrote:
            > On 6/1/2011 12:57 PM, Ansgar Wiechers wrote:
            >> I'm aware of two ways to verify recipients when relaying mail to
            >> upstream Exchange servers:
            >>
            >> - Export recipient addresses from AD and use that list as
            >> $relay_recipient_maps.
            >> - Use an LDAP query in $relay_recipient_maps.
            >>
            >> I seem to recall that there was a third option where Postfix would
            >> probe the nexthop before accepting the mail, but was unable to find
            >> it in the list archive. Can someone refresh my memory? Or did I mis-
            >> remember that?
            >
            > I do the first option by running a script on the exchange server every
            > 15 minutes, then grabbing the result five minutes later from the mail
            > relays. It does some sanity checks before replacing relay_recipients
            > and postmapping it.
            >
            > The Windows side (Exchange 2010 on 2008R2) of the process consists of
            > VBScript to grab the info from AD, which then runs a perl script to
            > clean up the file.

            What for? You can easily do all the cleaning with VBScript.

            Regards
            Ansgar Wiechers
            --
            "Abstractions save us time working, but they don't save us time learning."
            --Joel Spolsky
          • Len Conrad
            ... I ve been using this one for a couple years:
            Message 5 of 8 , Jun 1, 2011
            • 0 Attachment
              At 04:48 PM 6/1/2011, you wrote:
              On 2011-06-01 Shawn Heisey wrote:
              > On 6/1/2011 12:57 PM, Ansgar Wiechers wrote:
              >> I'm aware of two ways to verify recipients when relaying mail to
              >> upstream Exchange servers:
              >>
              >> - Export recipient addresses from AD and use that list as
              >>   $relay_recipient_maps.
              >> - Use an LDAP query in $relay_recipient_maps.
              >>
              >> I seem to recall that there was a third option where Postfix would
              >> probe the nexthop before accepting the mail, but was unable to find
              >> it in the list archive. Can someone refresh my memory? Or did I mis-
              >> remember that?
              >
              > I do the first option by running a script on the exchange server every
              > 15 minutes, then grabbing the result five minutes later from the mail
              > relays.  It does some sanity checks before replacing relay_recipients
              > and postmapping it.
              >
              > The Windows side (Exchange 2010 on 2008R2) of the process consists of
              > VBScript to grab the info from AD, which then runs a perl script to
              > clean up the file.

              What for? You can easily do all the cleaning with VBScript.

              I've been using this one for a couple years:

              http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl

              awk to format it to a two-field ";" delimited file, and then mysqlimport

              Len




            • Ansgar Wiechers
              ... I m aware that this can be done in Perl. I just don t see any point in using VBScript to extract the data, and then switching to Perl for further
              Message 6 of 8 , Jun 2, 2011
              • 0 Attachment
                On 2011-06-01 Len Conrad wrote:
                > At 04:48 PM 6/1/2011, you wrote:
                >> On 2011-06-01 Shawn Heisey wrote:
                >>> I do the first option by running a script on the exchange server every
                >>> 15 minutes, then grabbing the result five minutes later from the mail
                >>> relays. It does some sanity checks before replacing relay_recipients
                >>> and postmapping it.
                >>>
                >>> The Windows side (Exchange 2010 on 2008R2) of the process consists of
                >>> VBScript to grab the info from AD, which then runs a perl script to
                >>> clean up the file.
                >>
                >> What for? You can easily do all the cleaning with VBScript.
                >
                > I've been using this one for a couple years:
                >
                > <http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl>http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl
                >
                > awk to format it to a two-field ";" delimited file, and then mysqlimport

                I'm aware that this can be done in Perl. I just don't see any point in
                using VBScript to extract the data, and then switching to Perl for
                further processing.

                I also don't see any point in using awk to transform the output of a
                Perl script, BTW.

                Regards
                Ansgar Wiechers
                --
                "Abstractions save us time working, but they don't save us time learning."
                --Joel Spolsky
              • Shawn Heisey
                ... I didn t write the VBScript, I found it on the Internet. When I upgraded from Exchange 2003 to Exchange 2010, I had to find a whole new script, as the old
                Message 7 of 8 , Jun 2, 2011
                • 0 Attachment
                  On 6/2/2011 4:46 AM, Ansgar Wiechers wrote:
                  > I'm aware that this can be done in Perl. I just don't see any point in
                  > using VBScript to extract the data, and then switching to Perl for
                  > further processing.
                  >
                  > I also don't see any point in using awk to transform the output of a
                  > Perl script, BTW.

                  I didn't write the VBScript, I found it on the Internet. When I
                  upgraded from Exchange 2003 to Exchange 2010, I had to find a whole new
                  script, as the old one didn't work.

                  The inital output leaves a lot to be desired from an automation
                  standpoint, though I'm sure it's perfectly acceptable to your average
                  Windows admin. Although VBScript is not completely opaque to me, I do
                  not know it very well. The transformations required were very easy in
                  Perl, which I do know. The sanity check and deployment on Linux was
                  easiest in shell. If I were experienced in VBScript, I would have
                  handled it without the intermediate step.

                  I'm going to investigate Mr. Conrad's Perl/LDAP solution, which would be
                  easy to customize and much less prone to breakage.

                  Thanks,
                  Shawn
                Your message has been successfully submitted and would be delivered to recipients shortly.